[32991] in Kerberos
Re: some cross-realm trust questions
daemon@ATHENA.MIT.EDU (Victor Sudakov)
Mon Dec 27 10:50:29 2010
From: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Date: Mon, 27 Dec 2010 05:20:19 +0000 (UTC)
Message-ID: <if97mj$cv6$2@relay.tomsk.ru>
X-Complaints-To: noc@sibptus.tomsk.ru
X-Comment-To: Nicolas Williams <Nicolas.Williams@oracle.com>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Nicolas Williams wrote:
> > 1. If a cross-realm trust is configured, do the realms' KDCs ever have to
> > exchange any traffic between each other?
> No, they do not.
That's great, but at least at the initialization stage, how is a
shared key for the corresponding krbtgt principals transferred between
the two KDCs?
The Windows "New Trust" wizard just asks for a password and never
offers to export a keytab or anything.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
